Access and security#
This page describes Lambda Cloud's access management and security features.
Access management#
Lambda provides lightweight access management mechanisms to ensure secure access while minimizing friction.
API keys#
The Lambda Cloud API uses API keys to authenticate incoming requests. You can generate a new API key pair or view your existing API keys by visiting the API keys page in the Lambda Cloud console. API keys have full access to all Lambda API operations.
SSH keys#
Before you launch an instance, you must add an SSH key to your Lambda Cloud account. When you go through the process of launching an instance, you'll be prompted to supply this SSH key so you can securely connect to the instance after launching. You can import an existing key if you have one, or you can generate a new one in the Lambda Cloud console.
For guidance on setting up an SSH key, see Connecting to an instance > Setting up SSH access.
Teams#
You can add new members to your Lambda account by inviting them to join your Team. Each Team member can be either an Admin or a Member:
- Both roles have full access to your Lambda resources. Each can create API keys, launch and terminate instances, and retrieve audit logs, for example.
- Admins can also invite or remove Team members, modify the project's payment information, and rename the team.
The invitee's email address must not already be associated with an existing Lambda account. If your team member already has a Lambda account, ask them to provide a different address or, if feasible, to close their existing account.
For details on creating and updating Teams, see Teams.
Important
Each role has full access to your Lambda resources. Make sure to invite only trusted persons to your Team.
Firewall rulesets#
You can use global or per-instance firewall rulesets to allow only connections from trusted source IPs. For more details about firewall rulesets, see Firewalls.
Compliance#
Audit logs#
Lambda provides audit event logs through the Audit Events endpoint in the Lambda Cloud API. These logs provide a detailed record of the user- and API-level events that occur in your Lambda Cloud account. Lambda logs audit events automatically and retains them for six months. For more details, see the Audit Events section in the Cloud API browser.
The following table outlines the current catalog of audit events.
| Event | Description |
|---|---|
cloud.api_key.created |
An API key resource was created. |
cloud.api_key.deleted |
An API key resource was deleted. |
cloud.billing.address_updated |
The billing address associated with the account was updated. |
cloud.cluster.launched |
A 1-Click Cluster was launched. |
cloud.cluster.terminated |
A 1-Click Cluster was terminated. |
cloud.firewall_ruleset.created |
A firewall ruleset was created. |
cloud.firewall_ruleset.deleted |
A firewall ruleset was deleted. |
cloud.firewall_ruleset.updated |
A firewall ruleset was modified or updated. |
cloud.identity.banned |
An identity associated with the account was banned. |
cloud.identity.created |
An identity associated with the account was created. |
cloud.identity.deactivated |
An identity associated with the account was deactivated. |
cloud.identity.email_verified |
An identity associated with the account verified their email. |
cloud.identity.roles_changed |
The role of an identity associated with the account was modified. |
cloud.identity.suspended |
An identity associated with the account was suspended. |
cloud.identity.unbanned |
An identity associated with the account was unbanned. |
cloud.identity.unsuspended |
An identity associated with the account was unsuspended. |
cloud.instance.launched |
An On-Demand Cloud instance was launched. |
cloud.instance.terminated |
An On-Demand Cloud instance was terminated. |
cloud.ssh_key.created |
An SSH key resource was created. |
cloud.ssh_key.deleted |
An SSH key resource was deleted. |
Trust portal#
The Lambda Trust Portal documents Lambda's security posture, compliance certifications, data policies, and more.